Package entropy :: Module security :: Class System

Class System

source code


~~ GIVES YOU WINGS ~~

This class implements the Entropy packages Security framework.
It can be used to retrieve security advisories, get information
about unapplied advisories, etc.

For specifications about security advisories metadata format, please see
docs/metadata/glsa.dtd. Your Source Package Manager must implement
advisories in this format, with file names ordered by your own criteria,
which will be matched 1:1 here.
You should provide a compressed .tar.gz or .tar.bz2 package containing such
xml files in a way that can be downloaded and installed by this class.
Your distribution should expose a publicly available URL as well as a valid
"securityurl" parameter inside repositories.conf.

To sum up, you as distributor should:
1. implement your security advisories xml files by looking at
    docs/metadata/glsa.dtd specifications.
2. setup a cronjob that compresses your unpacked list of advisories
    to a file inside a publicly available URL as well as a valid .md5
    file.
3. provide a default repositories.conf file with securityurl| pointing
    to that file (HTTP, FTP and FILE protocols supported).
4. Optionally, in the same dir you could make available a GPG public
    key and a GPG signature of your security advisories .tar.* file.
    The former MUST be named signature.asc while the latter must match
    securityurl value plus ".asc"

This class uses a SystemResourcesLock resource lock internally, there is
no need for external synchronization primitives.

Nested Classes
  UpdateError
Raised when security advisories couldn't be updated correctly
Instance Methods
 
__init__(self, entropy_client, security_dir=None, url=None)
Object constructor.
source code
list
list(*args, **kwargs)
Return a list of all the available advisory identifiers.
source code
dict
advisories(*args, **kwargs)
Return the metadata for all the advisories.
source code
dict or None
advisory(*args, **kwargs)
Return the advisory metadata for the given GLSA advisory id.
source code
set
affected(*args, **kwargs)
Return a list (set) of dependencies that are currently affected by the GLSA in the passed advisory metadata.
source code
set
affected_id(self, advisory_id)
Return a list (set) of dependencies that are currently affected by the GLSA in the passed advisory metadata.
source code
set
vulnerabilities(*args, **kwargs)
Return a list (set) of advisory identifiers for which the system is currently vulnerable.
source code
set
fixed_vulnerabilities(*args, **kwargs)
Return a list (set) of advisory identifiers for which the system is currently not vulnerable.
source code
bool
available(*args, **kwargs)
Return whether security advisories are available.
source code
int
update(*args, **kwargs)
Update the local advisories by downloading a new version online.
source code

Inherited from object: __delattr__, __format__, __getattribute__, __hash__, __new__, __reduce__, __reduce_ex__, __repr__, __setattr__, __sizeof__, __str__, __subclasshook__

Properties

Inherited from object: __class__

Method Details

__init__(self, entropy_client, security_dir=None, url=None)
(Constructor)

source code 

Object constructor.

Parameters:
  • entropy_client (entropy.client.interfaces.Client instance) - an Entropy Client based object instance
  • security_dir (string or None) - the directory where security advisores are written and read
  • url (string or None) - url from where advisories are fetched from
Overrides: object.__init__

list(*args, **kwargs)

source code 

Return a list of all the available advisory identifiers.

Returns: list
a list of GLSA-IDs
Decorators:
  • @systemshared

advisories(*args, **kwargs)

source code 

Return the metadata for all the advisories. This method is heavy and should not be used.

Returns: dict
advisories metadata
Decorators:
  • @systemshared

advisory(*args, **kwargs)

source code 

Return the advisory metadata for the given GLSA advisory id. If the advisory does not exist or is broken, None is returned.

Returns: dict or None
the advisory metadata dictionary
Decorators:
  • @systemshared

affected(*args, **kwargs)

source code 

Return a list (set) of dependencies that are currently affected by the GLSA in the passed advisory metadata.

Parameters:
  • metadata (dict) - a single advisory metadata dictionary
Returns: set
a set of package dependencies that have been found in the installed packages repository
Decorators:
  • @systemshared

affected_id(self, advisory_id)

source code 

Return a list (set) of dependencies that are currently affected by the GLSA in the passed advisory metadata.

Parameters:
  • advisory_id (string) - an advisory identifier
Returns: set
a set of package dependencies that have been found in the installed packages repository

vulnerabilities(*args, **kwargs)

source code 

Return a list (set) of advisory identifiers for which the system is currently vulnerable.

Returns: set
list (set) of advisory identifiers
Decorators:
  • @systemshared

fixed_vulnerabilities(*args, **kwargs)

source code 

Return a list (set) of advisory identifiers for which the system is currently not vulnerable.

Returns: set
list (set) of advisory identifiers
Decorators:
  • @systemshared

available(*args, **kwargs)

source code 

Return whether security advisories are available.

Returns: bool
True, if advisories are available
Decorators:
  • @systemshared

update(*args, **kwargs)

source code 

Update the local advisories by downloading a new version online.

Returns: int
exit code
Decorators:
  • @systemexclusive